[GH-ISSUE #287] Best way to use Spotify inside an API? #160

New issue

Closed

opened 2026-02-27 23:21:08 +03:00 by kerem · 4 comments

kerem commented

2026-02-27 23:21:08 +03:00

Owner

Originally created by @Jeoffreybauvin on GitHub (May 10, 2018).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/287

Hi,

I'm using Spotipy in a Flask API (full rest). I'm trying to use util.prompt_for_user_token for login, and it's working.

But now, I want to create an entrypoint /authenticate, which send me back the URL that util.prompt_for_user_token is trying to open in my browser.

I don't see any information in the documentation to do so. Can I catch this URL without opening my browser ?

Originally created by @Jeoffreybauvin on GitHub (May 10, 2018). Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/287 Hi, I'm using Spotipy in a Flask API (full rest). I'm trying to use util.prompt_for_user_token for login, and it's working. But now, I want to create an entrypoint /authenticate, which send me back the URL that util.prompt_for_user_token is trying to open in my browser. I don't see any information in the documentation to do so. Can I catch this URL without opening my browser ?

kerem

2026-02-27 23:21:08 +03:00

closed this issue
added the
question

documentation
labels

kerem commented

2026-02-27 23:21:09 +03:00

Author

Owner

@MaZderMind commented on GitHub (Jan 21, 2020):

@Jeoffreybauvin In the Case described by you I would not use util.prompt_for_user_token, because it clearly states to be a utility to get you up and running quickly. When Implementing a custom RESt-API, I would instead operate the required Client-Classes directly.

When removing all the input-checking and comments from util.prompt_for_user_token there is not a lot left:

def redirect_user_to_oauth(username, scope=None, client_id=None,
                          client_secret=None, redirect_uri=None,
                          cache_path=None):

…
    sp_oauth = oauth2.SpotifyOAuth(client_id, client_secret, redirect_uri,
                                   scope=scope, cache_path=cache_path)
…
    token_info = sp_oauth.get_cached_token()
    if not token_info:
        auth_url = sp_oauth.get_authorize_url()
        return auth_url


def handle_callback(code):
    token_info = sp_oauth.get_access_token(code)
    return token_info['access_token']

As an API-Implementor you have to provide the requisite options to oauth2.SpotifyOAuth and have it request an auth_url for you. Depending on the Implementation of your REST-API I would return this URL to my client in order for it to open it in a popup or otherwise have my user access it.

After the OAuth2 dance, the user is redirected to the redirect_uri you provided, which should be some url in your application (it might also be a local server if your writing a native app). The supplied code is then transferred to your REST-API in a second call, which can use it to request token_info on you users behalf.

@MaZderMind commented on GitHub (Jan 21, 2020): @Jeoffreybauvin In the Case described by you I would not use `util.prompt_for_user_token`, because it clearly states to be a utility to get you up and running quickly. When Implementing a custom RESt-API, I would instead operate the required Client-Classes directly. When removing all the input-checking and comments from `util.prompt_for_user_token` there is not a lot left: ```python def redirect_user_to_oauth(username, scope=None, client_id=None, client_secret=None, redirect_uri=None, cache_path=None): … sp_oauth = oauth2.SpotifyOAuth(client_id, client_secret, redirect_uri, scope=scope, cache_path=cache_path) … token_info = sp_oauth.get_cached_token() if not token_info: auth_url = sp_oauth.get_authorize_url() return auth_url def handle_callback(code): token_info = sp_oauth.get_access_token(code) return token_info['access_token'] ``` As an API-Implementor you have to provide the requisite options to `oauth2.SpotifyOAuth` and have it request an `auth_url` for you. Depending on the Implementation of your REST-API I would return this URL to my client in order for it to open it in a popup or otherwise have my user access it. After the OAuth2 dance, the user is redirected to the `redirect_uri` you provided, which should be some url in your application (it might also be a local server if your writing a native app). The supplied code is then transferred to your REST-API in a second call, which can use it to request `token_info` on you users behalf.

kerem commented

2026-02-27 23:21:09 +03:00

Author

Owner

@stephanebruckert commented on GitHub (Feb 27, 2020):

For now this provides good inspiration to solve the issue https://github.com/plamere/spotipy/pull/435#issuecomment-583890341

@stephanebruckert commented on GitHub (Feb 27, 2020): For now this provides good inspiration to solve the issue https://github.com/plamere/spotipy/pull/435#issuecomment-583890341

kerem commented

2026-02-27 23:21:09 +03:00

Author

Owner

@stephanebruckert commented on GitHub (May 30, 2020):

Just added an example here https://github.com/plamere/spotipy/blob/master/examples/app.py

@stephanebruckert commented on GitHub (May 30, 2020): Just added an example here https://github.com/plamere/spotipy/blob/master/examples/app.py

kerem commented

2026-02-27 23:21:09 +03:00

Author

Owner

@andrewhansen89 commented on GitHub (Jun 16, 2020):

Just added an example here https://github.com/plamere/spotipy/blob/master/examples/app.py

Doesn't this example need a cache_path or username?

@andrewhansen89 commented on GitHub (Jun 16, 2020): > Just added an example here https://github.com/plamere/spotipy/blob/master/examples/app.py Doesn't this example need a cache_path or username?